{
  pkgs,
  config,
  lib,
  inputs,
  ...
}:
let
  shellType = config.my.shell.type;
  krita-thumbnailer = pkgs.writeTextFile {
    name = "krita-thumbnailer";
    destination = "/share/thumbnailers/kra.thumbnailer";
    text = ''
      [Thumbnailer Entry]
      Exec=sh -c "${pkgs.unzip}/bin/unzip -p %i preview.png > %o"
      MimeType=application/x-krita;
    '';
  };
in
{
  imports = [
    ./hardware-configuration.nix
    ./network.nix
    ../../config/base.nix
    ../../config/stylix.nix
    ../../environments/gnome.nix
  ];
  my = import ./toggles.nix { inherit inputs; } // {
    nix = {
      cores = 8;
      maxJobs = 8;
    };
    users.nixremote = {
      enable = true;
      authorizedKeys = inputs.self.lib.getSshKeys [
        "nixserver"
        "nixminiserver"
      ];
    };
  };
  sops.secrets."workstation/private" = lib.mkIf config.my.secureHost {
    sopsFile = ../../secrets/wireguard.yaml;
  };
  home-manager.users.jawz.programs = {
    vscode = {
      enable = true;
      package = pkgs.vscodium-fhs;
    };
    ghostty = {
      enable = true;
      package = pkgs.ghostty;
      enableBashIntegration = shellType == "bash";
      enableZshIntegration = shellType == "zsh";
      installBatSyntax = true;
      installVimSyntax = true;
      settings.term = "xterm-256color";
    };
  };
  networking.hostName = "workstation";
  users = {
    groups.ai = { };
    users.jawz.packages = [
      (pkgs.google-cloud-sdk.withExtraComponents [
        pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
      ])
    ]
    ++ builtins.attrValues {
      inherit (pkgs)
        distrobox # install packages from other os
        gocryptfs # encrypted filesystem! shhh!!!
        vcsi # video thumbnails for torrents, can I replace it with ^?
        keypunch # practice typing
        google-cloud-sdk-gce
        ;
    };
  };
  environment = {
    pathsToLink = [ "share/thumbnailers" ];
    systemPackages = builtins.attrValues {
      # thumbnail for heif files & videos
      inherit krita-thumbnailer;
      inherit (pkgs.libheif) out;
      inherit (pkgs)
        libheif
        ffmpegthumbnailer
        bign-handheld-thumbnailer
        gnome-epub-thumbnailer
        podman-compose
        scrcpy
        codex
        claude-code
        claude-monitor
        ;
      inherit (inputs.clip-tools.packages.${pkgs.stdenv.hostPlatform.system})
        clip-thumbnailer
        ;
    };
    etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
      bluez_monitor.properties = {
          ["bluez5.enable-sbc-xq"] = true,
          ["bluez5.enable-msbc"] = true,
          ["bluez5.enable-hw-volume"] = true,
          ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
      }
    '';
  };
  programs = {
    kdeconnect = {
      enable = true;
      package = pkgs.gnomeExtensions.gsconnect;
    };
    obs-studio = {
      enable = true;
      enableVirtualCamera = true;
      plugins = builtins.attrValues {
        inherit (pkgs.obs-studio-plugins)
          obs-vkcapture
          obs-vaapi
          obs-tuna
          input-overlay
          ;
      };
    };
  };
  security.pki.certificateFiles = [
    ../../secrets/ssh/iqQCY4iAWO-ca.pem
    ../../secrets/ssh/root-private-ca.pem
  ];
  services = {
    flatpak.enable = true;
    open-webui = {
      enable = true;
      port = config.my.ports.openWebui;
      host = config.my.ips.wg-workstation;
    };
    scx = {
      enable = true;
      scheduler = "scx_lavd";
    };
    btrfs.autoScrub = {
      enable = true;
      fileSystems = [ "/" ];
    };
    protonmail-bridge = {
      enable = true;
      path = [ pkgs.gnome-keyring ];
    };
    ollama = {
      enable = true;
      acceleration = "cuda";
      models = "/srv/ai/ollama";
      user = "ollama";
      group = "ai";
      port = config.my.ports.ollama;
      host = config.my.ips.wg-workstation;
    };
    sillytavern = {
      enable = true;
      port = config.my.ports.sillytavern;
      group = "ai";
      whitelist = true;
      listenAddressIPv4 = config.my.ips.wg-workstation;
    };
  };
}